Penetration Testing mailing list archives
Re: Using Null Session information from NAT.EXE
From: Tom Fischer <Tom.Fischer () rus uni-stuttgart de>
Date: Thu, 1 Nov 2001 01:42:23 +0100
Hi,

On Wed, Oct 31, 2001 at 10:07:10AM +0000, Ian Lyte wrote:
> [...] The big question is, for me anyway, since NAT.EXE has successfully found the Admin password it is obviously managing to connect to the other box somehow and get authenticated. How is it that NAT can and I can't? Is this due to NAT using its own modified SMBCLIENT and if so where can I get a copy of the SMBCLIENT only?

What about the different LAN Manager authentication levels? Nat.exe uses the cygwin.dll (http://www.cygwin.com/) and not Windows' own LAN Manager authentication. So have a look at the authentication level:

Windows NT (Q147706):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMcompatibilityLevel (REG_DWORD)
Level 0 - Send LM response and NTLM response; never use NTLMv2 session
Level 1 - Use NTLMv2 session security if negotiated
Level 2 - Send NTLM authentication only
...
(default 0)

Windows 2000 (see GroupPolicy: LAN Manager Authentication Level)

Alternatively use a linux box and smbclient ... or cygwin or ...

ciao,
Tom
--
Tom Fischer
Tom.Fischer () rus uni-stuttgart de
RUS-CERT University of Stuttgart
Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart
http://cert.uni-stuttgart.de/
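
An added example, not part of the message above: a small audit of the LMcompatibilityLevel value it points to, run over `reg query` output collected per host. The host names, the sample output and the `minimum=3` threshold are assumptions; the meanings of levels 3 to 5 come from Microsoft's documentation of the same value, not from the post.

```python
import re

# Levels 0-2 are quoted in the post above; 3-5 are from Microsoft's
# documentation of the same registry value and are not in the post.
LEVELS = {
    0: "send LM and NTLM responses; never use NTLMv2 session security",
    1: "send LM and NTLM; use NTLMv2 session security if negotiated",
    2: "send NTLM response only",
    3: "send NTLMv2 response only",
    4: "send NTLMv2 response only; refuse LM",
    5: "send NTLMv2 response only; refuse LM and NTLM",
}
VALUE_RE = re.compile(r"^\s*LmCompatibilityLevel\s+REG_DWORD\s+(0x[0-9a-f]+|\d+)\s*$",
                      re.IGNORECASE | re.MULTILINE)
KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA"
# Constructed sample: `reg query` output per host (hypothetical host names).
SAMPLE = {
    "host-a": f"{KEY}\n    LMcompatibilityLevel    REG_DWORD    0x0\n",
    "host-b": f"{KEY}\n    LmCompatibilityLevel    REG_DWORD    0x5\n",
    "host-c": f"{KEY}\n    restrictanonymous    REG_DWORD    0x1\n",  # value absent
    "host-d": f"{KEY}\n    LmCompatibilityLevel    REG_DWORD    0x2\n",
}

def parse_level(reg_output, default=0):
    """Return (level, explicitly_set) from `reg query` text. default=0 is the
    Windows NT default given in the post; an assumption for other versions."""
    m = VALUE_RE.search(reg_output)
    if m is None:
        return default, False
    tok = m.group(1).lower()
    return (int(tok, 16) if tok.startswith("0x") else int(tok)), True

def audit(hosts, minimum=3):
    """hosts: {name: reg query output}. Return findings, sorted by host, for
    levels below `minimum` (an assumed policy threshold) or out of range."""
    findings = []
    for name, text in sorted(hosts.items()):
        level, explicit = parse_level(text)
        if level not in LEVELS:
            findings.append((name, level, "unknown level"))
        elif level < minimum:
            origin = "set" if explicit else "default"
            findings.append((name, level, f"{origin}: {LEVELS[level]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```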